Re: xhost-command in Debian1

To: debian-user@lists.debian.org
Subject: Re: xhost-command in Debian1
From: Greg Wooledge <greg@wooledge.org>
Date: Sun, 24 Oct 2021 09:12:38 -0400
Message-id: <[🔎] YXVbxvqvHXq7J7V3@wooledge.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] b5cf2bb6-e3d2-19d2-7ab9-6dd783ddf6fa@gmail.com>
References: <c83081ec-18f9-d038-398f-26caa7f3884c@gmx.net> <20210615195127.GA22030@tuxteam.de> <[🔎] 20211022082536.1a0787b9@jhegaala.localdomain> <[🔎] 20211022144425.GA3256@axis.corp> <[🔎] 20211023123125.17d144b3@jhegaala.localdomain> <[🔎] b5cf2bb6-e3d2-19d2-7ab9-6dd783ddf6fa@gmail.com>

On Sun, Oct 24, 2021 at 04:59:06PM +1100, Keith Bainbridge wrote:
> 
> On 24/10/21 05:31, Charles Curley wrote:
> > alias su="su --whitelist-environment=DISPLAY,XAUTHORITY"
> 
> 
> Doesn't that mean that when you type 'su' at a command prompt, the response
> will be running the command
> --whitelist-environment=DISPLAY,XAUTHORITY
> as root.

No.  It will run the command   su --whitelist-environment=DISPLAY,XAUTHORITY
which has setuid privileges, and therefore will run with effective UID 0.

It's a lot like doing   alias ls='ls --color=auto'

The second ls inside the alias expansion becomes the new command that
gets executed.  Aliases don't recurse into themselves, which is by
design so that people can do things exactly like this.

Reply to:

References:
- Re: xhost-command in Debian11
  - From: Charles Curley <charlescurley@charlescurley.com>
- Re: xhost-command in Debian11
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: xhost-command in Debian1
  - From: Charles Curley <charlescurley@charlescurley.com>
- Re: xhost-command in Debian1
  - From: Keith Bainbridge <keithrbaugroups@gmail.com>

Prev by Date: Re: mac-boot suggestion, where can I report?
Next by Date: Re: Sata Hard drive testing
Previous by thread: Re: xhost-command in Debian1
Next by thread: Re: xhost-command in Debian11
Index(es):
- Date
- Thread